Uncategorized

I was recently pointed to a great speech entitled “You and Your Research” given by Richard Hamming of Bell Labs (and Hamming codes!) fame. It’s essentially Hamming giving his insight on how to do great work as a scientist. I think it’s relevant for anyone doing infosec research today.

Here are my key takeaways:

Work on important problems.

Luck favors the prepared mind.

Courage is a characteristic of the successful.

Plant acorns to grow oak trees.

Follow the greats in your field.

Every defect can be looked at as an asset.

Knowledge and productivity are like compound interest.

Keep track of flaws in your theories.

Work on problems you’re committed to.

Get emotionally involved, otherwise your subconscious goofs off.

Reach out to people outside of your field.

Pursue opportunity when its presented.

Find and know the important problems in your field.

Practice makes perfect.

Schedule some dedicated time to make “great thoughts time”

Open doors -> more input -> finding the right problems.

Zoom out to see the larger problem.

You want others to stand on the shoulders of your work.

It’s not sufficient to do a job, you have to sell it.

Write clearly and well so that people will read it.

Learn to give formal talks.

Learn to give informal talks.

When giving a talk, start slowly and paint a general picture of why its imporant, and give a sketch of what was done.

Educate your boss, get other people to ask for what you need.

Take advantage of the systems around you to scale yourself.

Know thyself & watch thy ego.

The appearance of conforming gets you a long way.

Don’t spend effort needlessly fighting the system and don’t fool yourself by creating alibis for disappointment.

About

Jonathan Cran is a cybersecurity leader and entrepreneur based in San Francisco. An expert in security assessment, he has worked with many of the Global 2000 to improve their cybersecurity posture. He’s the founder of Pentestify (A cybersecurity think tank) and the Intrigue intelligence gathering framework. As the VP of Product with Bugcrowd, he’s currently helping organizations re-invent their application security.